Testimony Before The U.S. House
Judiciary Committee Concerning Computer Encryptionby Jamie Gorelick
United States
Deputy Attorney General

September 25, 1996

Thank you, Mr. Chairman and members of the Committee,
for providing me with this opportunity to discuss with you the Administration's
policy on the important and complex issue of encryption and our position on H.R.
3011. Although the Department of Justice opposes H.R. 3011, we look forward to
continuing the productive discussions we have had with Congress on this issue.

Since 1992, when AT&T announced its plan to
sell a small, portable telephone device that would provide users with low-cost
but robust voice encryption, the issue of encryption -- that is, the use of mathematical
algorithms to protect the confidentiality of data -- has been vociferously debated
in the United States. Some people -- legitimately concerned about privacy, commerce,
and computer security -- have advocated the unfettered proliferation of strong
encryption products, and disapprove of the Administration's attempt to promote
cryptographic methods that allow for law enforcement access to plain text. They
have argued that government should simply stay out of the encryption issue entirely.
Government controls on the export of strong cryptography have come in for particular
criticism. In the din of the debate and in some legislative proposals, however,
the significant impact that unbreakable encryption would have on domestic law
enforcement and national security has often been ignored or understated.

First, let me make clear that we believe that
the availability and use of strong cryptography are critical if the "Global Information
Infrastructure" (GII) is to fulfill its promise. Communications and data must
be protected -- both in transit and in storage -- if the GII is to be used for
personal communications, financial transactions, medical care, the development
of new intellectual property, and myriad other applications. Indeed, people sometimes
lose sight of the fact that law enforcement is responsible, in part, for protecting
privacy and promoting commerce over our nation's communications networks. We protect
communications privacy, for instance, by prosecuting those who would violate the
communications privacy of others, and we help promote commerce by enforcing laws
that protect intellectual property rights, by combating computer and communications
fraud, and by helping to protect the confidentiality of business data. Our support
for robust encryption stems from this commitment to protecting privacy and commerce.

At the same time, however, we must be mindful
of our other principal responsibilities: protecting public safety and national
security against the threats posed by terrorists, organized crime, foreign intelligence
agents, and others, and to prosecute serious crime when it does occur. Thus, notwithstanding
the significant benefits of encryption, we are gravely concerned that the proliferation
and use of unbreakable encryption would seriously undermine our ability to perform
these critical missions.

Court-authorized wiretaps have proven to be
one of the most successful law enforcement tools in preventing and prosecuting
serious crimes, including terrorism. In addition, as society becomes more dependent
on computers, evidence (and the fruits) of crimes are increasingly found in stored
computer data, which can be searched and seized pursuant to court-authorized warrants.
But if unbreakable encryption proliferates, these critical law enforcement tools
would be nullified. Thus, for example, even if the government satisfies the rigorous
legal and procedural requirements for obtaining a wiretap order (which can be
obtained only in limited circumstances), the wiretap would essentially be worthless
if the intercepted communications of the targeted criminals amount to an unintelligible
jumble of noises or symbols. The potential harm to law enforcement -- and to the
nation's domestic security -- could be devastating.

Our concern is neither theoretical nor overstated.
We have already begun to encounter the harmful effects of encryption in recent
investigations.

- In the Aldrich Ames spy case, Ames was instructed
by his Soviet handlers to encrypt computer file information to be passed to them.

- Ramzi Yousef, recently convicted of conspiring
to blow up 10 U.S.-owned airliners in the Far East, and his co-conspirators apparently
stored information about their terrorist plot in an encrypted computer file in
Manila. (Yousef is also one of the alleged masterminds of the World Trade Center
bombing.)

- In a child pornography case, one of the subjects
used encryption in transmitting obscene and pornographic images of children over
the Internet.

- In a major international drug-trafficking
case, the subject of a court-ordered wiretap used a telephone encryption device,
significantly hindering the surveillance.

- Some of the anti-government militia groups
are now promoting the use of encryption as a means of thwarting law enforcement
investigations.

- In several major hacker cases, the subjects
have encrypted computer files, thereby concealing evidence of serious crimes.

These are just a few examples of recent cases
involving encryption. As encryption proliferates and becomes an ordinary component
of mass market items, and as the strength of encryption products increases to
the point of denying law enforcement access to intercepted communications or stored
electronic evidence, the threat to public safety will increase exponentially.

Some people argue that individuals should have
a right to absolute privacy from governmental intrusion, regardless of the costs
to public order and safety, and that any new technology that enhances absolute
privacy should go unrestricted. But our society has never recognized an absolute
right to privacy. Rather, the Fourth Amendment strikes a careful balance, permitting
government invasion of privacy (including searches of someone's personal communications
and papers) to prevent, solve, and prosecute crimes, but only when the government
demonstrates "probable cause" and, absent exigent circumstances, obtains a warrant
from a neutral and detached magistrate. Unbreakable encryption would upset this
delicate constitutional balance, which is one of the bedrock principles of our
legal system, by effectively nullifying a court's issuance of a search warrant
or wiretap order. The notion that advances in technology should dictate public
policy is backwards. Technology should serve society, not rule it; technology
should promote public safety, not defeat it.

Similarly, some industry and privacy advocates
claim that strong encryption such as 56-bit DES should be exportable without restriction
because, even if this leads to a massive proliferation of DES products both at
home and abroad, U.S. law enforcement and intelligence agencies can be given the
resources necessary to decrypt DES-encrypted communications. Essentially, they
argue that expensive, fast computers can be used to decipher encrypted communications
by "brute force" -- which essentially means trying every possible "key" (a sequence
of symbols that determines the transformation from plain text to cipher-text,
and vice versa) until the right one is found. For several reasons, this argument
-- that "brute force attacks" and additional resources will resolve the encryption
debate -- does not withstand scrutiny.

First, estimates regarding the amount of time
needed to decrypt an encrypted message by brute force are purely theoretical and
do not consider the realities associated with brute force attacks. For example,
such attacks assume that the nature of the underlying plain text is known in advance
(e.g., one knows from the outset that the text consists of words in English).
In fact, the "plain text" may be a foreign language, a graphic display, or some
other form of data completely unknown to the person trying to decipher it.

Moreover, according to the National Security
Agency's own estimates, the average time needed to decrypt a single message by
means of a brute force cryptoanalytic attack on 56-bit DES would be approximately
one year and eighty-seven days using a thirty-million-dollar Cray supercomputer.
Of course, law enforcement would not be confronted with only one message to decrypt.
During 1995, for example, federal and state courts authorized more than a thousand
electronic surveillance court orders, resulting in over two million intercepted
communications. Given such numbers, brute force attacks are not a feasible solution.

Additionally, law enforcement agencies at the
federal, state, and local level are finding that searches in routine, non-wiretap
cases now commonly result in the seizure of electronically stored information.
Because storage devices have increased in capacity and decreased in price, the
quantity of data seized in "ordinary" cases continues to increase dramatically.
If all of these communications and stored files were DES-encrypted, brute force
attacks would not provide a meaningful and timely solution, especially since some
cases, such as kidnappings, may require immediate decryption to prevent death
or serious bodily harm. Thus, even if hundreds of such supercomputers were built
(an expensive undertaking, to say the least), the approximately 17,000 federal,
state, and local law enforcement agencies could not be given timely access to
necessary decryption services.

Finally, many proponents of strong encryption
advocate its proliferation precisely because it cannot be decrypted by the government.
Thus, even if the government could acquire the ability to quickly decrypt DES-encrypted
communications and information, many of the brute force advocates would push for
even greater key lengths, on the ground that 56-bit DES no longer provided acceptable
security. But greater key lengths would, of course, increase the difficulty and
cost of decrypting encrypted data even more.

Our goal, then, must be to encourage the use
of strong encryption to protect privacy and commerce, but in a way that preserves
law enforcement's ability to protect public safety and national security against
terrorism and other criminal threats. A consensus is now emerging throughout much
of the world that the way to achieve this balance is through the use of a "key
recovery" or "trusted third party" system. Under this system, a key for a given
encryption product would be deposited with a trusted third party or "escrow" agent,
which could be a private party or a governmental entity. (Some entities, such
as large corporations, might be able to hold their own keys, provided that certain
procedural protections were established to preserve the integrity of a law enforcement
investigation.) The government would then be able, upon presenting a certification
from the relevant law enforcement official, to obtain the keys from the escrow
agent in order to decrypt information obtained pursuant to legal authorization.

Again, it is critical to keep in mind that,
under a key recovery system, the government would not be able to access arbitrarily
the encrypted communications of the average law-abiding citizen or business, because
access to encrypted data could be obtained only as part of a legally authorized
investigation. The same constitutional and statutory protections that preserve
every American's privacy interests today would prevent unauthorized intrusions
in a key recovery regime. Thus, under a key recovery system, there would be no
increase in the government's authority to search or surveill private communications.
At the same time, though, individuals and companies would gain the benefit of
strong cryptography to protect against non-governmental intrusions into their
privacy.

Beyond the interest in effective law enforcement,
many businesses are beginning to recognize their own need for some method of escrowing
keys. A private company, for example, might find that one of its employees had
improperly taken and encrypted confidential information in the company's files
and then absconded with the company's only copy of the keys. In such a situation,
the company's only means of retrieving the information might be to obtain the
keys from the escrow agent. And recent hacker cases, such as the one involving
an intrusion into Citibank's computers by hackers in St. Petersburg, Russia, have
further demonstrated to many businesses the general need for a cop on the "information
superhighway." A key recovery system would provide businesses with the encryption
they need to protect their own communications and stored data while preserving
law enforcement's ability to track down and prosecute criminals who use encryption
in an effort to conceal evidence of their illegal activities.

Key recovery thus holds great promise for providing
the security and confidentiality businesses and individuals want and need, while
preserving the government's ability to protect public safety and national security.
Because there are no restrictions on the use of encryption domestically, however,
there is presently no way to require the manufacture and use of key recovery products.
The Administration therefore has been pursuing a policy to promote the voluntary
manufacture and use of key recovery products, and the development of a key management
infrastructure ("KMI"), in the hope that market forces will make such products
a de facto industry standard.

We also have been engaged in ongoing discussions
on this subject with foreign governments, which are now anxious to join us in
developing international standards to address this issue on a global scale. In
fact, an experts working group of the Organization for Economic Cooperation and
Development (OECD) is meeting on September 26 and 27 to consider draft principles
that would acknowledge the need for encryption products and services that allow
for lawful government access to protect public safety and national security. We
believe that key recovery encryption will become the worldwide standard for users
of the GII if we continue our international leadership in this area.

If key recovery encryption does become the
worldwide standard, U.S. businesses will be able to compete abroad effectively,
retaining and even expanding their market share. At the same time, law enforcement
agencies will have a legally authorized means of decrypting encoded data. This
approach would therefore effectively serve the interests of all Americans.

The argument is sometimes made that key recovery
encryption is not the solution, because criminals will simply use non-key recovery
encryption to communicate among themselves and to hide evidence of their crimes.
But we believe that if strong key recovery encryption products that will not interoperate
-- at least in the long term -- with non-key recovery products are made available
both overseas and domestically and become part of a global KMI, such products
will become the worldwide standard. Under those circumstances, even criminals
will be compelled to use key recovery products, because even criminals need to
communicate with legitimate organizations such as banks, both nationally and internationally.

Let me turn now to H.R. 3011. We believe that
the central provision of the bill, Section 3 -- which would effectively eliminate
all export controls on strong encryption -- would undermine public safety and
national security by encouraging the proliferation of unbreakable encryption.
We therefore strongly oppose the bill.

We have heard, of course, the oft-repeated
argument that the "genie is already out of the bottle" -- that strong cryptography
is already widely available overseas and over the Internet and that attempts to
limit its spread are futile, and serve only to handicap U.S. manufacturers seeking
to sell their encryption products overseas. We disagree. Deputy Director Crowell
will address this argument more fully in his testimony, but let me just mention
four points briefly.

First, although strong encryption products
can be found overseas, these products are not ubiquitous, in part because the
export of strong cryptography is controlled by both the U.S. and other countries.
It is worth noting in this regard that export of encryption over the Internet,
like any other means of export, is restricted under U.S. law. Although it is difficult
completely to prevent encryption products from being sent abroad over the Internet,
we believe that the legal restrictions have significantly limited the use of the
Internet as a means of evading export controls.

Second, the products that are available overseas
are not widely used because there is not yet an infrastructure to support the
distribution of keys among users and to provide interoperability among the different
products. Third, the quality of encryption products offered abroad varies greatly,
with some encryption products not providing the level of protection advertised.
Finally, the availability of encryption over the Internet does not undermine the
utility of controls on exports of software or hardware products. The simple fact
is that the vast majority of businesses and individuals with a serious need for
strong encryption do not and will not rely on encryption downloaded from the Internet.
For these reasons, export controls therefore continue to serve an important function.

A few other factors are important to consider
regarding export controls. First, our allies strongly concur that unrestricted
export of encryption would severely hamper law enforcement objectives. Indeed,
when the U.S. let it be known at a December 1995 meeting of the OECD that it was
considering allowing the export of some stronger, non-escrowed encryption, many
of our allies expressed dismay at the prospect of such an action. They feared
that it would flood the global market with unbreakable cryptography, increasing
its use by criminal organizations and terrorists throughout Europe and the world.
It follows that the elimination of U.S. export controls, as provided by H.R. 3011,
would have an even more devastating impact on international law enforcement. It
would be a terrible irony if this government -- which prides itself on its leadership
in fighting international crime -- were to enact a law that would jeopardize public
safety and weaken law enforcement agencies worldwide.

Second, critics of export controls have mistakenly
assumed that the lifting of export controls would result in unrestricted access
to markets abroad by U.S. companies. But this assumption ignores the likely reaction
of foreign governments to the elimination of U.S. export controls. To date, most
other countries have not needed to restrict imports or domestic use of encryption,
largely because export controls in the U.S. -- the world leader in computer technology
-- and other countries have made such restrictions unnecessary. But given other
countries' legitimate concerns about the potential worldwide proliferation of
unbreakable cryptography, we believe that many of those countries would respond
to any lifting of U.S. export controls by imposing import controls, or by restricting
use of strong encryption by their citizens. France, Russia and Israel, for example,
have already established domestic restrictions on the import, manufacture, sale
and use of encryption products. And the European Union is moving towards the adoption
of a key-recovery-based key management infrastructure similar to that proposed
by the Administration. In the long run, then, U.S. companies might not be any
better off if U.S. export controls were lifted, but we would have undermined our
leadership role in fighting international crime and damaged our own national security
interests in the meantime.

Third, it is important to keep in mind that
the State Department has shown considerable flexibility in administering export
controls. For instance, it has permitted U.S. banks and other entities to export
strong encryption products for their own use abroad, and has permitted the export
of strong encryption as long as such encryption allows for legitimate government
access.

Finally, as Vice President Gore announced in
July, the Administration is considering various measures to liberalize export
controls for certain commercial encryption products, in order to promote the competitiveness
of U.S. manufacturers during the transition to a global KMI. In addition, the
Administration is considering transferring jurisdiction over commercial encryption
products from the Department of State to the Department of Commerce, a step which
also would ease the burden on industry by providing for faster and more transparent
decisions on applications for export licenses. We expect that a final decision
will be made on these steps shortly.

In light of these factors, we believe it would
be profoundly unwise simply to lift export controls on encryption. National security
should not be sacrificed for the sake of uncertain commercial benefits, especially
when there is the possibility of satisfying both security and commercial needs
simultaneously through global adoption of a key recovery system. There is only
one responsible course of action that we as government leaders should embark upon:
to promote socially-responsible encryption products, which contain robust cryptography
but that also provide for timely law enforcement access and decryption. This is
the Administration's policy, and we look forward to working with this Committee
as we continue to develop and implement our approach.

I would now be pleased to answer any questions
you may have.

Source: This speech is from a webpage that no longer exists.

Copyright information: Gifts of Speech believes that for copyright purposes, this speech is in the public domain since it is testimony before the U. S. Congress. Any use of this speech, however, should show proper attribution to its author.